cvedb.io
CVE-2018-10905
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2018-07-24T13:29:00.447 · Last modified 2026-06-17T01:34:53.323

Summary

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

Affected products

redhat — cloudforms

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.